AD Tidy – Free Active Directory Clean Up Tool

I recently started working on a new project – an application that would tell you when a user or computer last logged on to your Active Directory domain so that you could identify old unused accounts. I got the application up and running fairly quickly and it did get the last logon for all users/computers in our domain, but once we had identified the unused user accounts we then needed to disable, delete or move accounts that had not logged on for over X number of days. After some searching I found that there don’t seem to be any free applications that can do this (there are plenty of free scripts but all of the nice user friendly GUI apps you have to pay for) … so I decided to extend my application to provide this functionality (and more) and make it completely free for anyone to download and use, as many times as they want and on as many users/domains as they want.

EDIT: VERSION 1 CAN BE DOWNLOADED HERE OR YOU CAN TRY THE BETA OF VERSION 2.0 HERE

The application is not yet finished but I am working on it as much as I can (when I’m not at work) so the first version should be complete within the next 2 or 3 weeks – so by the 28th August 2010 at the latest hopefully. Of course if quite a few people comment on this blog or email me saying that they would definitely be interested in using the app then that might prompt me to get it completed a little quicker 🙂

- Search for accounts in any domain you have access to, using user friendly dialogs to select the domain or container/OU to search (no LDAP path knowledge required)
- Get last logon information from all DCs in the domain or select individual DCs to query
- Option to only find accounts that have not logged on for X number of days
- For any accounts that you select from the results of your search, you can perform any of the following actions:
  - Disable accounts
  - Rename accounts
  - Enable accounts
  - Update account descriptions
  - Move accounts to another container/OU
  - Delete accounts
  - Add accounts to group
  - Remove accounts from group
  - Remove accounts from all groups
  - Export details to CSV file
- Specify alternate credentials to connect to domain with (if the account you are logged on with does not have the necessary permissions)
- Easily save search settings and reload them next time you launch the application
- Exclude accounts that have never logged on
- Exclude disabled accounts
- Exclude specific user/computer names
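An added example (not AD Tidy's own code) of why the last logon is gathered from every DC before the X-day filter and the exclusions above are applied. It assumes the value being read is the lastLogon attribute, which each domain controller keeps for itself and does not replicate; the DC names, account names and values are constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch
ACCOUNTDISABLE = 0x0002                              # userAccountControl "disabled" bit

def to_filetime(dt):
    """datetime -> 100 ns ticks since 1601-01-01 UTC (the lastLogon encoding)."""
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    """lastLogon value -> datetime, or None when 0 (never logged on to that DC)."""
    return EPOCH + timedelta(microseconds=ft // 10) if ft else None

def merge_last_logon(per_dc):
    """{dc: {account: (lastLogon, uac)}} -> {account: (newest lastLogon, uac, dc)}."""
    merged = {}
    for dc, accounts in per_dc.items():
        for name, (ft, uac) in accounts.items():
            if name not in merged or ft > merged[name][0]:
                merged[name] = (ft, uac, dc if ft else None)
    return merged

def stale_accounts(per_dc, days, now, exclude_never=False,
                   exclude_disabled=False, exclude_names=()):
    """Names of accounts whose newest logon on any DC is older than `days`."""
    cutoff, skip = now - timedelta(days=days), {n.lower() for n in exclude_names}
    stale = []
    for name, (ft, uac, _dc) in sorted(merge_last_logon(per_dc).items()):
        last = from_filetime(ft)
        if name.lower() in skip or (exclude_disabled and uac & ACCOUNTDISABLE):
            continue
        if (last is None and not exclude_never) or (last and last < cutoff):
            stale.append(name)
    return stale

# Constructed sample: what two DCs (hypothetical names) report for the same accounts.
def _d(y, m, d):
    return to_filetime(datetime(y, m, d, tzinfo=timezone.utc))
NOW = datetime(2010, 8, 1, tzinfo=timezone.utc)
SAMPLE = {
    "DC1": {"alice": (_d(2010, 7, 20), 0x200), "bob": (_d(2009, 11, 2), 0x200),
            "oldpc$": (_d(2009, 1, 15), 0x1000), "newhire": (0, 0x200),
            "carol": (_d(2009, 6, 1), 0x202), "svc_backup": (_d(2008, 5, 1), 0x200)},
    "DC2": {"alice": (_d(2010, 1, 5), 0x200), "bob": (_d(2010, 7, 30), 0x200),
            "oldpc$": (0, 0x1000), "newhire": (0, 0x200),
            "carol": (0, 0x202), "svc_backup": (0, 0x200)},
}

if __name__ == "__main__":
    print("DC1 only:", stale_accounts({"DC1": SAMPLE["DC1"]}, 90, NOW))
    print("all DCs :", stale_accounts(SAMPLE, 90, NOW))
```

Querying DC1 alone would flag bob as unused, although he authenticated against DC2 two days before the constructed "now"; merging across DCs removes that false positive before any disable or delete action is taken.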

If you have any other features that you would like to see added in there then feel free to let me know, either by leaving a comment here or by sending me an email at cwright@cjwdev.co.uk and I will see if I can fit your suggestion in to the first release. If I don’t manage to get your feature request in to the first version then it will be in the next version, which will not take months to be released – I plan on bringing out new versions often, or as soon as there is a decent new feature available.

EDIT: VERSION 1 CAN BE DOWNLOADED HERE OR YOU CAN TRY THE BETA OF VERSION 2.0 HERE

24 responses to AD Tidy – Free Active Directory Clean Up Tool

I’ve been looking for a tool like this for such a long time! My company manages networks for many different organizations, and housekeeping is always a real pain with user and computer turnover. Especially since many of our customers have SBS servers, and have a fairly low max license count.
I am downloading the beta, and will post some feedback.
Thanks a million!

Thanks 🙂 would love to hear what you think of the BETA. The final version of the app is nearly finished now, should be another week and then it will be ready for public download. There is one bug in the BETA that I should warn you about (which has been fixed for the final version), though it probably won’t affect you if you are dealing with SBS servers – the search will not bring back more than 1000 results from each DC it queries.

Oh and I work at an IT support company like you as well so I’ve put a lot of effort into making this app work for domains that your user/computer account is not a member of. All of the other similar apps that I have tried (that you have to pay for) seem to only work with your local domain, but mine will work even if you just VPN in to a network from a home PC – basically as long as you are able to resolve the domain name and DC names then it should work.

I doubt that bug will ever really be an issue for me. Our largest customer is a couple hundred nodes, so not too worried about the 1000 result limit. Works great so far! I’ve never had so much ease in cleaning up a DC before.
One question I have, I haven’t yet tried this on a DC running exchange, (ie: pretty much any SBS server). My question is, when deleting an SBS user from the AD, the system prompts you if you would also like to delete their exchange mailbox. I was afraid to experiment with this on a production server, have you tested this instance? I don’t mind if it doesn’t, but just so I know to take note of the stale users before deleting them from the ADTidy window, so I can manually delete the same object from the exchange server.
Once again, kudos on an amazing app, you’ve made my working life so much easier! Work smarter, not harder, that’s my philosophy.
If you ever find yourself in Ottawa Canada, let me buy you a beer!

haha I’m not sure I will ever be in Ottawa Canada (I live in England) but thanks for the offer 🙂 As for the SBS question – no this app won’t do anything with Exchange accounts so you would have to manually remove those I’m afraid. You could use the Export To CSV action in my program before you use the disable/delete action so that you have got a list of all of the users that you have modified 😉
Oh and I would still recommend waiting for the full version to come out next week before you use the app for any serious work as there are quite a few additional features and bug fixes in it 🙂 I’ve mentioned pretty much all of the features that will be in the final version in this post that I posted today: https://cjwdev.wordpress.com/2010/08/25/ad-tidy-active-directory-clean-up-tool-update/

Not a problem, I appreciate all the work you’ve put into this app. I’ve only been using it as a lookup tool for the moment, to query for old objects, and making any other changes manually. I was definitely going to be waiting for the complete version before I tried any of the integrated features on production systems. I love beta apps, but you can’t be too careful.
As soon as the final version is available, I will be the first to download.
Thanks again!

I’ve been out of the loop for a bit, and I haven’t gotten around to an update on here for a while, I just wanted to drop by and say that this is the most amazing server maintenance app that I’ve ever come across. I haven’t run into any issues with version 1.0 so far.
Thanks again for taking the time to set this up for your fellow administrators, and especially for making this available at no cost.

Thanks Mike 🙂 and thanks a lot for the donation, it is very much appreciated!
If any of my other apps look useful to you then just let me know if you want any of the paid for versions and I will give you a discount. You can find my other apps here: http://www.cjwdev.co.uk/Software.html

Have you had a look at the new Group Policy “Preferences” items in Server 2008? You can use these to reset the local admin password on workstations (as long as the workstations are Vista or above, or they have the GPO Preferences CSE installed)

It’s a nice tool to manage AD, but I face a question. I can run this tool by every “Domain Admins”, but after I got the user or computer accounts that I want, I can’t take action (like move to other OU) by any “Domain Admins” except the Domain “Administrator”. Did anyone face this problem? How can I fix it? I guess it’s permission problem, but I don’t know how to do…. Thanks